ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw RPA

Record browser & local-file actions once; replay runs without the LLM—save $ vs AI browsing, faster, no hallucinations. github.com/laziobird/openclaw-rpa

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 15 · 0 current installs · 0 all-time installs
by@laziobird
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included files: this is an RPA recorder that produces Playwright Python scripts and a small CLI (rpa_manager.py, recorder_server.py, and multiple generated scripts). The manifest does not declare Python or playwright as required binaries even though the templates and examples clearly expect python3 and the playwright package; this is a minor omission (not necessarily malicious) but worth noting.
Instruction Scope
SKILL.md instructs the agent to read locale-specific SKILL.*.md and to run the local rpa_manager.py recorder commands. The instructions reference only files inside the skill directory (config.json / config.example.json, SKILL.*.md, rpa_manager.py, recorder_server.py, etc.) and to run local Python-playwright scripts. The skill does not instruct reading unrelated system files or exfiltrating data to unknown endpoints in the provided content.
Install Mechanism
No install spec is provided (instruction-only behavior), and requirements.txt lists playwright. No downloads from untrusted URLs or extract operations are present in the registry metadata. There are local helper scripts (scripts/install.sh) but nothing in the metadata forces their execution automatically.
Credentials
The skill declares no required environment variables, credentials, or config paths. The files do write outputs (default to Path.home()/Desktop) and assume a local Python/runtime environment; this is proportionate for an RPA tool. There are no unexplained requests for unrelated credentials.
Persistence & Privilege
always:false (normal). The skill writes/reads files within its directory and writes output files to the user's Desktop when Playwright scripts run; it does not request to modify other skills or global agent settings. Autonomous invocation is allowed by default but that is platform normal and not in itself a red flag.
Assessment
This skill appears to be what it says: an RPA recorder that generates Playwright Python scripts and replays them locally. Before installing or using it: 1) Expect it to launch a real browser (headed Playwright) and to write output files to your desktop; don't record tasks that involve entering highly sensitive credentials unless you trust the environment. 2) The package assumes Python 3 and Playwright are available (they are referenced in templates and requirements.txt) even though required binaries were not declared — install and run in a controlled environment (venv or container). 3) Review recorder_server.py, rpa_manager.py and any scripts (install.sh, bootstrap_config.py) for networking endpoints or unexpected behavior before running; if you intend to record automated interactions with accounts (banking, email, etc.), prefer test accounts. 4) If you want to restrict risk, run the skill in an isolated VM or container, and inspect generated scripts in rpa/ before executing them.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk97c0m44j8ja7dvpnnk4gt7nn9841x7d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
OSmacOS · Linux

SKILL.md

openclaw-rpa — Locale router (read this first)

GitHub: https://github.com/laziobird/openclaw-rpa — source, README, install, sample scripts under rpa/.

Example flows (ideas; record once, replay many times—follow each site’s terms and local law): e‑commerce login & shopping; Yahoo Finance stock quotes / news headlines; movie sites reviews & ratings in one automated run.

What this skill does

openclaw-rpa turns repeatable web and optional local file work into a Playwright Python script by recording what actually happens in a real browser (plus file steps when needed). Replay runs that script directly—not the model clicking every time—so runs are deterministic, cheaper, and less error-prone than ad-hoc “automate this now” prompts.

Why this matters

  1. Saves compute and money — Having a large model drive the browser on every run can cost roughly single-digit to tens of US dollars per heavy session (tokens, tools, long context). After you record once, repeat work does not call the model—replay is much faster and near-zero LLM cost for those steps.
  2. Verify once, run the same way every time — During recording you confirm the flow works; later, replay executes the saved steps deterministically. You avoid asking the AI to “do it again” on every run, which hurts consistency and raises hallucination risk.

When to use

You want to…Send
Start recording a new flow#automation robot, #RPA, #rpa, or mention Playwright automation
See saved tasks you can run#rpa-list
Run a saved task (e.g. new chat)#rpa-run:{task name}
Run in this chatrun:{task name} (zh-CN: #运行:{任务名})

Quick start (after install)

#rpa-list
#rpa-run:your-task-name

Full protocol, state machine, and record-step JSON live in the locale file below.

Mandatory: load the correct instruction file

  1. Read config.json in this skill directory. If it does not exist, read config.example.json (same shape; default locale is en-US).

  2. Read the "locale" field. Allowed values: zh-CN and en-US (repository default in config.example.json: en-US).

  3. Immediately use the Read tool to load the full skill body:

    • zh-CNSKILL.zh-CN.md
    • en-USSKILL.en-US.md

  4. Follow only that file for state machine, triggers, record-step JSON, onboarding text, and user-facing replies.

  5. Reply to the user in the active locale’s language:

    • zh-CN → Simplified Chinese for agent messages (user may still type English).
    • en-US → English for agent messages (user may still type Chinese).

Changing language

  • Copy config.example.jsonconfig.json if needed (python3 scripts/bootstrap_config.py), then edit "locale", or
  • Run: python3 scripts/set_locale.py en-US / python3 scripts/set_locale.py zh-CN (creates config.json from the example when missing).

After a locale change, the agent should re-read the matching SKILL.*.md in a new turn or session. See README.md in this directory for the full workflow.

ClawHub / discovery

  • SKILL.md (this file): short router + when to use + quick start for listings like ClawHub.
  • SKILL.zh-CN.md / SKILL.en-US.md: full onboarding, recording, RUN/LIST, and anti-timeout rules.

Relative paths

When the loaded file references playwright-templates.md, synthesis-prompt.md, or rpa_manager.py, resolve paths relative to this skill directory (parent of SKILL.md).

Files

27 total
Select a file
Select a file to preview.

Comments

Loading comments…